foz1234, Posted April 25, 2017

yes lol...what safe to leave or change back

[email protected]., Posted April 25, 2017

Yes to which answer?

Al Brookbanks, Posted April 25, 2017

Sorry.. I'm flat out doing 55 things at once. Leave it false for now.

Dirty Butter, Posted April 25, 2017

31 minutes ago, bsandall said:

> Perhaps also checked against a whitelisted set of allowed URLs? Since, you know, CSRF is exactly that - an attack by a remote server.
>
> EDIT: And by whitelisted URLs, I mean internal (CubeCart) ones that are allowed to be called remotely without a CSRF token.

That explains why my MailChimp plugin is creating subscriptions from the Newsletter Subscription tab in CC customer account, but can't handle an unsubscribe from MailChimp. There needs to be some way to allow certain remote actions that plugins, etc., might need.

Dirty Butter, Posted April 25, 2017

5 hours ago, foz1234 said:

> Many thanks for your order! The order status is currently pending but it will automatically update to processing once payment is confirmed. Normally this is automated and will happen within the hour but please do contact us if you require more information.

I rolled back our plushcatalog store to a GitHub commit from early March (basically back to 6.1.5). I then took an order all the way to payment and, unlike my usual testing, I actually paid for it with a different account debit card. I used a different domain email address. And all the payment process worked properly. And the refund from PP processed correctly on CC as well.

I DID see the part I've quoted from your comment, @foz1234. But by the time I checked in admin, it had Processed.

All the CSRF changes are what I don't have in my live code. I DO still have captcha turned off, thanks to all the changes in that coding that my plugins and edits don't have yet.

[email protected]., Posted April 26, 2017

I have had two calls this morning from customers who, after filling in their details at checkout, found that when they clicked on the 'secure checkout' button they were unable to proceed! I did a test purchase while they were on the phone and I too could not get past this stage...

I had changed the config.xml as per yesterday's advice from @Al Brookbanks, but after changing `<csrf>false</csrf>` back to `<csrf>true</csrf>` everything seems to be working again...

foz1234, Posted April 26, 2017

what recaptcha are you using?

[email protected]., Posted April 26, 2017

The new 'silent' version

foz1234, Posted April 26, 2017

yes there is a thread about this here

Al Brookbanks, Posted April 28, 2017

Please find fix for when CSRF is enabled on the front end here: https://github.com/cubecart/v6/commit/df12071a6e99bab5e87534557e02cc4740a1173c

havenswift-hosting, Posted April 28, 2017

Are you planning on releasing 6.1.8 to include this?

foz1234, Posted April 28, 2017

5 hours ago, Al Brookbanks said:

> Please find fix for when CSRF is enabled on the front end here: https://github.com/cubecart/v6/commit/df12071a6e99bab5e87534557e02cc4740a1173c

will this fix both PayPal and recaptcha issue Al?

Al Brookbanks, Posted April 28, 2017

Just order status change automatically from payment status responses.

Dirty Butter, Posted April 28, 2017

Glad to see this progress with gateways, for sure. But I have a MailChimp API plugin that communicates both ways with the store that apparently isn't able to communicate back to the store at this time on 6.1.7, thanks to CSRF. So there's still more to be done here.

I understand CC is trying to shut down unauthorized server access to our stores, and that's a good thing. We just need a way to tell the code what is allowed through. Windows does the same thing with allowed exceptions in Defender. (I think it's Defender that does that - maybe something else?)

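The allowlist idea raised in this thread (bsandall's suggestion of internal URLs callable without a CSRF token, and the request above for "a way to tell the code what is allowed through"), as an added example that is not CubeCart's code and not from any poster. It assumes exempt routes are matched exactly and authenticate the remote caller with an HMAC over the body instead of a token; the paths, secrets, request keys and signature field are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical exempt routes: exact path => shared secret agreed with the remote service.
const CSRF_EXEMPT = [
    '/callback/gateway'    => 'constructed-gateway-secret',
    '/callback/newsletter' => 'constructed-newsletter-secret',
];

// $req keys (all hypothetical): method, path, body, csrf_token, session_token, signature.
function request_allowed(array $req): bool
{
    // Methods treated as read-only here need no token.
    if (in_array($req['method'], ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    // Exact-match lookup only: no prefix or substring matching on the path.
    if (array_key_exists($req['path'], CSRF_EXEMPT)) {
        // No CSRF token is expected, but the caller must prove it knows the secret.
        $expected = hash_hmac('sha256', (string)($req['body'] ?? ''), CSRF_EXEMPT[$req['path']]);
        return hash_equals($expected, (string)($req['signature'] ?? ''));
    }
    // Every other state-changing request: form token must equal the session's token.
    $session = (string)($req['session_token'] ?? '');
    return $session !== '' && hash_equals($session, (string)($req['csrf_token'] ?? ''));
}

// Constructed sample requests.
$body = 'type=unsubscribe&email=user%40example.test';
$sig  = hash_hmac('sha256', $body, CSRF_EXEMPT['/callback/newsletter']);
$samples = [
    'browser form with token'  => ['method' => 'POST', 'path' => '/account/newsletter',
                                   'csrf_token' => 'abc123', 'session_token' => 'abc123'],
    'forged cross-site POST'   => ['method' => 'POST', 'path' => '/account/newsletter',
                                   'csrf_token' => '', 'session_token' => 'abc123'],
    'signed remote callback'   => ['method' => 'POST', 'path' => '/callback/newsletter',
                                   'body' => $body, 'signature' => $sig],
    'unsigned remote callback' => ['method' => 'POST', 'path' => '/callback/newsletter',
                                   'body' => $body],
    'path-suffix trick'        => ['method' => 'POST', 'path' => '/callback/newsletter/../admin',
                                   'body' => $body, 'signature' => $sig],
];
foreach ($samples as $label => $req) {
    printf("%-26s %s\n", $label, request_allowed($req) ? 'allowed' : 'rejected');
}
```
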
Dirty Butter, Posted April 28, 2017

Has anyone had a successful purchase via PayPal or some other gateway that automatically changed to Processing within CC?

Christopher Short, Posted April 28, 2017

13 minutes ago, Dirty Butter said:

> Has anyone had a successful purchase via PayPal or some other gateway that automatically changed to Processing within CC?

After I capture payment from the authorizations, it will go from pending to processing.

Dirty Butter, Posted April 28, 2017

Thanks for that, Christopher. Good to hear!! Hoping for feedback about automatically changing to Processing, so I can change this thread back to Resolved.

foz1234, Posted April 29, 2017

I can confirm DB it's working as it should, I've just purchased one of my own products lol

Dirty Butter, Posted April 29, 2017

Great!

Christopher Short, Posted April 29, 2017

16 hours ago, Dirty Butter said:

> Thanks for that, Christopher. Good to hear!! Hoping for feedback about automatically changing to Processing, so I can change this thread back to Resolved.

I wish I could get it to go to processing at authorization, and complete at capture though

Dirty Butter, Posted April 29, 2017

5 minutes ago, Christopher Short said:

> I wish I could get it to go to processing at authorization, and complete at capture though

I wish I understood all this well enough to be of help, but I certainly do not. Maybe it would be best to make a new thread about what you need, since this thread has gotten so long.

Christopher Short, Posted April 29, 2017

3 hours ago, Dirty Butter said:

> I wish I understood all this well enough to be of help, but I certainly do not. Maybe it would be best to make a new thread about what you need, since this thread has gotten so long.

I already had one, it got almost nothing for replies

peterp, Posted June 2, 2018

Hi All,

I have been just reading about the trials and tribulations of IPN PayPal and getting responses back and changing orders from pending to processing. I'm having all of these issues, PayPal doesn't seem to give a response of 200 and CC does change the status from pending to processing, I have made the changes to code in the PayPal gateway.class so that the 'amp' is removed however I haven't turned off csrf where/how do I do this, this may solve my problem (hopefully). I'm currently using version 6.2 of CubeCart. Hope somebody can help me or point me in the right direction

Best Regards,
Peterp